Soundness issues in dependency sized-chunks (via im crate) #258

Closed
GeorgeHahn opened this issue Sep 11, 2020 · 5 comments · Fixed by #305
@GeorgeHahn

See bodil/sized-chunks#11.

@dbrgn

dbrgn commented Sep 24, 2020

This also has a rustsec advisory: https://rustsec.org/advisories/RUSTSEC-2020-0041

Note that unfortunately there are no fixes so far.

@jan-auer
Member

This also relates to #257, suggesting that we run the audit action as part of CI.

On a more direct note, this will require some closer investigation, as this is still open in sized-chunks and we rely heavily on im.

@Roguelazer
Contributor

Any update here? It's been three months and every project that uses sentry has unfixable rustsec advisories against it, which is kind of unfortunate? The fact that the advisory causes memory safety issues during a panic is particularly unfortunate since sentry pretty often is involved in panics...

@Swatinem
Member

Swatinem commented Jan 6, 2021

Like @jan-auer said, creating new hubs / pushing/popping scopes relies heavily on im, and it would seem that that library has been abandoned.
Which is unfortunate. We can just kick it out and use Arc and make_mut everywhere, at the cost of more allocations probably, so it is doable.
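
The `Arc` plus `make_mut` approach mentioned in the comment above, sketched as an added example that is not part of the thread or of sentry's code: pushing a scope only bumps reference counts, and the first write to a shared container pays for a full copy, using only safe standard-library types. `Scope`, `ScopeStack` and their methods are hypothetical names chosen for illustration.

```rust
use std::collections::BTreeMap;
use std::sync::Arc;

/// Hypothetical stand-in for a scope (not sentry's real type).
#[derive(Clone, Default)]
pub struct Scope {
    tags: Arc<BTreeMap<String, String>>,
    breadcrumbs: Arc<Vec<String>>,
}

impl Scope {
    pub fn set_tag(&mut self, key: &str, value: &str) {
        // make_mut deep-copies the map only if another scope still shares it.
        Arc::make_mut(&mut self.tags).insert(key.to_owned(), value.to_owned());
    }
    pub fn add_breadcrumb(&mut self, msg: &str) {
        Arc::make_mut(&mut self.breadcrumbs).push(msg.to_owned());
    }
    pub fn tag(&self, key: &str) -> Option<&str> {
        self.tags.get(key).map(String::as_str)
    }
    pub fn breadcrumb_count(&self) -> usize { self.breadcrumbs.len() }
    /// True while both scopes point at the same tag allocation.
    pub fn shares_tags_with(&self, other: &Scope) -> bool {
        Arc::ptr_eq(&self.tags, &other.tags)
    }
}

/// Hypothetical scope stack: push clones the top, pop restores the parent.
pub struct ScopeStack { layers: Vec<Scope> }

impl ScopeStack {
    pub fn new() -> Self { ScopeStack { layers: vec![Scope::default()] } }
    pub fn push(&mut self) {
        let top = self.layers[self.layers.len() - 1].clone(); // refcount bumps only
        self.layers.push(top);
    }
    /// Drops the top scope; the root scope is never popped.
    pub fn pop(&mut self) -> bool { self.layers.len() > 1 && self.layers.pop().is_some() }
    pub fn layer(&self, i: usize) -> &Scope { &self.layers[i] }
    pub fn top_mut(&mut self) -> &mut Scope { self.layers.last_mut().unwrap() }
}

fn main() {
    let mut stack = ScopeStack::new();
    stack.top_mut().set_tag("env", "prod");
    stack.push();
    stack.top_mut().set_tag("env", "test"); // copy happens here, parent untouched
    println!("parent={:?} child={:?}", stack.layer(0).tag("env"), stack.layer(1).tag("env"));
}
```

The copy on first write is the extra allocation cost the comment refers to; a persistent structure such as `im` would share most of the container instead.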

@dbrgn

dbrgn commented Jan 8, 2021

Thanks @Swatinem!
